Hover to Zoom HPE Aruba Instant On 10G SFP+ LC SR 300m MMF Transceiver, R9D18A Subtotal: ₹11,500.00
NAC, Software
Portnox’s Network Access Control (NAC)
Availability:
Available on backorder
Portnox Cloud is a cloud-native NAC solution that unifies Zero Trust access control, passwordless authentication, and 24/7 risk monitoring, delivering rapid deployment and compliance enforcement for all devices across wired, wireless, and VPN networks.
Compare
Portnox Cloud is a 100% cloud-native, vendor-agnostic Network Access Control (NAC) solution designed to deliver Zero Trust access control for enterprise networks, applications, and infrastructure. It provides unified authentication, risk mitigation, and compliance enforcement across wired, wireless, and VPN connections, supporting managed devices, BYOD, IoT, and OT endpoints. Portnox Cloud eliminates the need for on-premises hardware, complex configurations, or ongoing maintenance, offering a SaaS-based platform that deploys in minutes. Key features include cloud-native RADIUS and TACACS+ for authentication, passwordless certificate-based authentication, 24/7 endpoint risk monitoring, and automated remediation for compliance. With integrations to identity providers (e.g., Azure AD, Okta), SIEMs, and MDM/UEM platforms, Portnox Cloud ensures real-time visibility, granular policy enforcement, and adherence to regulatory standards like GDPR, HIPAA, and PCI-DSS. It is tailored for resource-constrained IT teams managing distributed networks, providing scalability, affordability, and ease of use.
- Architecture:
- Components:
- Portnox Cloud: Fully SaaS-based platform hosted on Azure, providing RADIUS, TACACS+, policy management, and analytics.
- AgentP: Optional lightweight agent for endpoint risk assessment and remediation (Windows, macOS, Linux, iOS, Android).
- AD Broker: Lightweight software for Active Directory authentication and access controls.
- Analytical Engine: Continuous device risk posture monitoring and policy alignment.
- Deployment Options: 100% cloud-native (Azure-hosted); optional local VMs for RADIUS backup or TACACS+ record keeping. On-premises option available via Portnox CORE.
- Scalability: Scales to millions of devices across distributed networks; supports 10 to 10,000+ devices without hardware upgrades.
- Operation Mode: Out-of-band, integrating with existing network infrastructure (switches, APs, routers) via RADIUS/TACACS+ configurations.
- Components:
- Authentication:
- Protocols: 802.1X (TLS/TTLS, PEAP-MSCHAPv2), MAC Authentication Bypass (MAB), Captive Portal, RadSec, RADIUS Proxy.
- Methods: Passwordless certificate-based authentication (via Portnox Certificate Authority or third-party CA), SSO (SAML 2.0), two-factor authentication for VPN.
- Integrations: Active Directory, Azure AD, Google Workspace, Okta, Open LDAP, SCEP for certificate enrollment.
- Security: All API calls use periodically rotated tokens; no anonymous calls or trusted IP caches. Data encrypted in transit (TLS) and at rest (Azure Cosmos DB).
- Profiling:
- Methods: DHCP fingerprinting, MAC OUI, HTTP/HTTPS analysis, network telemetry; optional AI-powered IoT fingerprinting add-on for enhanced accuracy.
- Capabilities: Identifies device type, OS, location, and access layer (wired, Wi-Fi, VPN); supports managed, BYOD, IoT, and OT devices.
- Agentless: Uses root certificates, SCEP, or MDM (e.g., Intune) for profiling; AgentP for deeper inspection.
- Policy Enforcement:
- Mechanisms: Dynamic VLAN assignment, ACLs, auto-segmentation, role-based access, risk-based access controls, port lockdown.
- Policies: Configurable based on roles, locations, device types, risk scores, and compliance status.
- Risk Engine: Continuously monitors endpoint risk (e.g., antivirus, patches, unauthorized peripherals) and adjusts access dynamically.
- Compliance Assessment:
- Checks: Firewall status, antivirus updates, OS patches, drive encryption, Windows registry keys, passcodes, and application compliance.
- Methods: Agentless (via MDM, certificates) or AgentP for real-time remediation.
- Actions: Quarantine, block, alert, or auto-remediate non-compliant devices.
- Threat Containment:
- Actions: Quarantine vulnerable devices, update firewalls/antivirus, switch to restricted VLAN, or deny access.
- Automation: Triggers responses based on risk scores or SIEM alerts within seconds.
- Integrations: SIEM (e.g., Splunk), firewalls, and XDR for coordinated response.
- Guest Access:
- Features: Role-based policies for guests/contractors, self-service portals, and credential delivery.
- Automation: Simplifies guest management with data loss prevention controls.
- Integrations:
- Identity: Azure AD, Okta, Google Workspace, Active Directory, Open LDAP.
- Security: SIEMs, firewalls, MDM/UEM (e.g., Intune, Jamf), XDR, and endpoint protection platforms.
- Network Devices: Vendor-agnostic, supports Cisco, Aruba, Juniper, Fortinet, and others via RADIUS/TACACS+.
- APIs: REST APIs for custom integrations; syslog for event logging.
- Visibility:
- Dashboards: Real-time visibility of endpoints, locations, device types, and risk postures.
- Reports: Device visibility, connection timelines, guest access history, and compliance adherence.
- Logs: Exportable for audits
Related products
-
-
-
NAC, Software
HPE Aruba ClearPass Policy Manager
ClearPass Policy Manager is a vendor-agnostic NAC solution that enforces Zero Trust access control with role-based policies, device profiling, and integrated BYOD, guest, and posture assessment, seamlessly integrating with multi-vendor networks and security ecosystems.
SKU: clearpass-policy-manager -
Router, Software
Juniper Session Smart Router
Juniper Session Smart Router (SSR) Series: Tunnel-free, application-aware SD-WAN solution with Zero Trust security. Delivers agile, secure WAN connectivity, 30–50% bandwidth savings, and AI-driven insights via Mist WAN Assurance. Scalable for SD-WAN, SD-Branch, multicloud, and IoT, it supports physical (NFX, white-box), virtual (VMware, KVM, AWS, Azure), and cloud deployments with Junos OS and advanced security (URL filtering, IDS/IPS).
SKU: SSR
